avcodec/ffv1: Fix segfaults on allocation error

When allocating FFV1 slice contexts fails, ff_ffv1_init_slice_contexts()
frees everything that it has allocated, yet it does not reset the
counter for the number of allocated slice contexts. This inconsistent
state leads to segfaults lateron in ff_ffv1_close(), because said
function presumes that the slice contexts have been allocated.
Fix this by making sure that the number of slice contexts on error is
consistent (namely zero).

(This issue only affected the FFV1 decoder, because the encoder does not
clean up after itself on init failure.)

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 93cec14244bf7aa633ee3b43f3585721ad048e83..5b528494003cbba27e015793f46c94d5bdde3904 100644 (file)
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -115,12 +115,11 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f)
 
 av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
 {
-    int i;
+    int i, max_slice_count = f->num_h_slices * f->num_v_slices;
 
-    f->max_slice_count = f->num_h_slices * f->num_v_slices;
-    av_assert0(f->max_slice_count > 0);
+    av_assert0(max_slice_count > 0);
 
-    for (i = 0; i < f->max_slice_count; i++) {
+    for (i = 0; i < max_slice_count; i++) {
         int sx          = i % f->num_h_slices;
         int sy          = i / f->num_h_slices;
         int sxs         = f->avctx->width  *  sx      / f->num_h_slices;
@@ -152,6 +151,7 @@ av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
             goto memfail;
         }
     }
+    f->max_slice_count = max_slice_count;
     return 0;
 
 memfail: